From: Nikos Mavrogiannopoulos Date: Thu, 14 Aug 2014 08:11:03 +0000 (+0200) Subject: The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS-140... X-Git-Tag: gnutls_3_4_0~1067 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=df2a9540df2d187f90f5f45ee5cd7c9358f1ba7b;p=thirdparty%2Fgnutls.git The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS-140-2 mode --- diff --git a/lib/fips.c b/lib/fips.c index 908e5299f3..33cf4a6207 100644 --- a/lib/fips.c +++ b/lib/fips.c @@ -47,10 +47,22 @@ unsigned _gnutls_fips_mode_enabled(void) unsigned f1p = 0, f2p; FILE* fd; static int fips_mode = -1; +const char *p; if (fips_mode != -1) return fips_mode; - + + p = getenv("GNUTLS_FORCE_FIPS_MODE"); + if (p) { + if (p[0] == '1') + fips_mode = 1; + else if (p[0] == '2') + fips_mode = 2; + else + fips_mode = 0; + return fips_mode; + } + fd = fopen(FIPS_KERNEL_FILE, "r"); if (fd != NULL) { f1p = fgetc(fd);